Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3348: How to distinguish between CAC and PIV certificates on CAC-NG cards

Authentication Service ,  

22 March,21 at 10:06 PM


How to distinguish between CAC and PIV certificates on CAC-NG cards?



CAC-NG, also known as "Common Access Card - Next Generation" have two sets of Certificates:

  • CAC certificate
  • PIV certificate

Insert the card into a card reader and run either of the following commands to find out the NT Principal Name on the card:

sctool –D | grep “NT Principal Name”


sctool -D


This will provide a output where two sets of NT principal names should be seen:

  1. NT Principal Name: 1234567890@mil (10 digit #) --> CAC certificate
  2. NT Principal Name: 1234567890123456@mil (16 digit #) --> PIV certificate


  1. NT Principal Name with 10 digits represents a CAC certificate
  2. NT Principal Name with 16 digits represents a PIV certificate

Related Articles

No related Articles